Adventures in Identity Management
Notification of an MVP award was in my inbox this morning - a very nice way to start the new year!
I only hope I can find myself some good ILM 2 projects in 2009. The last few months of 2008 was all about Exchange, and next week I’m off on a SCOM course. Still, I’ve always said I love working in IT because I’m always learning something new!
Wishing all my readers a happy 2009, filled with the things that are really important.
Still on Exchange migrations here, and after wasting half today on a very strange certificate problem, here’s the solution I eventually found.
Another off-topic post today, because lately it’s all been migrations - Exchange migrations, data migrations, printer migrations…. I think I might have to rename this blog Miss Migrations!
As part of an enourmous data migration involving server name and drive letter changes, I was tasked with repairing links in thousands of Excel spreadsheets. We trialled a commercial link fixing product but abandonned it because of its unfriendly habit of making you start right back from the beginning whenever it crashed, which it did regularly.
I wrote a few vbscripts and, while definitely slower and not without their own problems (mostly caused by the Excel docs themselves, and their multiplicitous configurations, macros and protective devices), I could at least control my file lists, and make modifications as needed.
The most popular post on this blog continues to be Adding Exchange 2003 Mailboxes to Existing Accounts so I’m guessing this is something a lot of people need to do.
I hadn’t posted an Exchange 2007 method earlier because I haven’t needed to do it in production, and the ongoing pledge of my blog is that I do not theorise. I’m not promising you that my ways are the best or the most correct - just that I know work because I’ve done ‘em.
Nonetheless I decided that, for this example, it was worth hitting the lab to see if my old method worked for 2007. I had assumed that all I would need to add to the process was a recipient-update powershell command…
but it didn’t work. Looks like recipient-update only recognises accounts that already have mailboxes.
So in this post I will now present a possible approach, with the caveat that this is only tested in the lab.
In this post I discussed some ways to simplify an MIIS/ILM installation, with a view to making it more efficient and easier to troubleshoot and maintain. I have a few more points for the list.
I have just completed what initially sounded like a fairly straight-forward project - install Exchange 2007 and migrate 35 mailboxes from Lotus Notes. The migration would be one-shot - so no need for a coexistance phase.
Such a small migration didn’t seem to warrant the purchase of Quest or Transend - and besides, the Microsoft recommendation is to use their very own, freely supplied Transporter. Having only ever used the IMAP migrator before, and with no problems, I went blithely into the project, assuming it would all be straight forward.
Well let me tell you - next time I’m going to push for the 3rd parties! Getting Transporter working was hard, keeping it working was hard, and certain emails were, for no apparent reason, un-migratable. However, if you do find yourself having to work with this tool, here are a few tips. Read the rest of this entry »
The AD management agent uses an account to connect to AD and, more often than not, this account is a member of Domain Admins. However in some organisations this is not acceptable. So what rights does it actually need?
Since finally getting around to enabling blog stats I can see the Exchange posts continue to be popular so, to add to the series, here is a step-by-step guide to basic Exchange 2007 provisioning with ILM 2007.
I would love nothing better than to do one ILM project after another, but it doesn’t always pan out like that, so now I’m back to the bread-and-butter work of server installations, email migrations and security audits. Still, it’s giving me an opportunity to get my powershell skills up to date.
This post, after some blurb, includes a script I wrote to extract data from an Excel spreadsheet. At this point I don’t think I’ll actually use it, but it was an interesting exercise.
Maybe it’s because MIIS is a sort of infrastructure thing, so is given to a time-pressed system administrator to set up; or because it’s a sort of programming thing, so is given to a .NET developer with no clue about the connected directories; or because there’s a lack of good training; or no clear guidance on best practises…. whatever the reason, it’s pretty easy to get in a mess with MIIS.
My mantra in all things IT is Keep It Simple, Stupid (well, that and Go Home And Sleep On It, though GHASOI doesn’t have such a nice acronym). Whatever complicated messy solution presents itself first, there is almost always a far more simplistically elegant one lurking in the wings, and though you might have to tidy up some of your earlier patch jobs to get to it, simplicity is always a worthwhile goal in itself, contributing to the long-term maintainability and transparency of your system.
So here are my top tips for a KISSable MIIS installation.
